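# Workflow for the FIH hardening test matrix.
# Runs on every push to main and on every pull request (the pull_request
# trigger has no branch filter).
on:
  push:
    branches:
      - main
  pull_request:

name: FIH hardening

# Least privilege for GITHUB_TOKEN: the steps in this file only check out
# the repository and run scripts from ./ci, so read access to the contents
# is requested and nothing else.
# NOTE(review): confirm that none of the ./ci scripts needs a write scope.
permissions:
  contents: read

concurrency:
  # One group per pull request, or per ref when the run has no pull request
  # number (push events); a newer run in the group cancels the older one.
  group: fih-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true
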
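jobs:
  # Single job, expanded once per fih_env matrix entry.
  config:
    strategy:
      # Let every configuration run to completion even when another fails.
      fail-fast: false
      matrix:
        fih_env:
        # FIH environment must use the following space separated format:
        #   BUILD_TYPE SKIP_SIZE DAMAGE_TYPE FIH_LEVEL(optional)
        - "RELEASE 2,4,6 SIGNATURE"
        - "RELEASE 2,4,6 SIGNATURE LOW"
        - "RELEASE 2,4,6 SIGNATURE MEDIUM"
        - "RELEASE 8,10 SIGNATURE"
        - "RELEASE 8,10 SIGNATURE LOW"
        - "RELEASE 8,10 SIGNATURE MEDIUM"
        - "MINSIZEREL 2,4,6 SIGNATURE"
        - "MINSIZEREL 2,4,6 SIGNATURE LOW"
        - "MINSIZEREL 2,4,6 SIGNATURE MEDIUM"
        - "MINSIZEREL 8,10 SIGNATURE"
        - "MINSIZEREL 8,10 SIGNATURE LOW"
        - "MINSIZEREL 8,10 SIGNATURE MEDIUM"
    runs-on: ubuntu-latest
    steps:
    # NOTE(review): "v2" is a mutable tag. Pinning the action to a reviewed
    # full commit SHA (<FULL_COMMIT_SHA>) keeps a retagged release from
    # changing what runs here.
    - uses: actions/checkout@v2
      with:
        # Fetch the full history instead of a shallow clone.
        # NOTE(review): presumably needed by the signed-off-by check; confirm.
        fetch-depth: 0
        # Uses Mbed TLS from TFM, and nothing else from here.
        submodules: false
        # Do not store the job token in the local git config. The steps
        # below execute scripts from the checked-out tree, which on
        # pull_request events contains the contributor's changes.
        # NOTE(review): assumes no ./ci script makes authenticated git
        # requests to this repository; confirm.
        persist-credentials: false
    # Diagnostic output only: kernel, CPU, memory and working directory.
    - name: Print the environment
      run: |
        uname -a
        lscpu
        free
        pwd
    # Runs for pull requests only; skipped on pushes to main.
    - name: Signed commit check
      if: ${{ github.event_name == 'pull_request' }}
      run: |
        ./ci/check-signed-off-by.sh
    - name: FIH hardening test install
      run: |
        ./ci/fih-tests_install.sh
    - name: FIH hardening test run
      env:
        # The matrix entry reaches the script as an environment variable
        # rather than being interpolated into the script text, so it is
        # never parsed as shell source.
        FIH_ENV: ${{ matrix.fih_env }}
      run: |
        ./ci/fih-tests_run.sh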